Bug 575731

Comment 1 Some User 2021-09-02 16:22:30 EDT

Also affects http://download.eclipse.org/technology/
(have edited the title of this report accordingly)

Comment 2 Some User 2021-09-02 16:40:25 EDT

Or maybe this applies to all (?) subpages of the download.eclipse.org subdomain. For example the 404 page for http://download.eclipse.org/does-not-exist/ does not redirect to HTTPS either. But http://eclipse.org/does-not-exist/ does perform a redirect.

Comment 3 Eclipse Webmaster 2021-09-03 14:28:43 EDT

I think it's time to simply redirect all d.e.o traffic from HTTP to HTTPS.  I've submitted a patch to do that which needs internal review before it goes live.

-M.

Comment 4 Denis Roy 2021-09-03 14:34:54 EDT

*** Bug 571595 has been marked as a duplicate of this bug. ***

Comment 5 Some User 2021-09-04 19:39:00 EDT

(In reply to Denis Roy from comment #4)
> *** Bug 571595 has been marked as a duplicate of this bug. ***

That report also mentions archive.eclipse.org; will that be redirected as well in the future?

Comment 6 Some User 2021-09-06 07:04:04 EDT

Is looks like subpages of www.eclipse.org and eclipse.org are affected in a similar way. Do you want me to create a separate report for this?

For example opening http://www.eclipse.org/projects/ or http://eclipse.org/org/workinggroups/ in a new private browser window does not redirect to HTTPS.
However, if you had opened eclipse.org using HTTPS in the past, then you are redirected to HTTPS due to HSTS.

Comment 7 Eclipse Webmaster 2021-09-14 11:14:47 EDT

The patch has been made live so both downloads and archive should now correctly redirect requests to HTTPS.

-M.

Comment 8 Mickael Istria 2021-09-16 11:59:30 EDT

(In reply to Eclipse Webmaster from comment #7)
> The patch has been made live so both downloads and archive should now
> correctly redirect requests to HTTPS.

Thanks for that!